On Thu, 2006-11-16 at 00:14 -0600, wayne wrote:
> In <[EMAIL PROTECTED]> Douglas Otis
> <[EMAIL PROTECTED]> writes:
>
> You can always publish SPF records along the lines of:
>
> "v=spf1 exists:%{ir}._whitelist.large-domain.com -all"
>
> This creates a DNSBL-type lookup. As I'm sure you are quite aware,
> DNSBLs can scale to very large sizes. This will cost one extra DNS
> lookup. If you want to optimize it, you can use the ip4: mechanism to
> list your most common sending IP addresses at the beginning.

If this scheme were the _only_ solution, an immense threat would have
been avoided (along with the extra lookup). Publishing white-lists can
still be accommodated with APL using standardized prefixes.

SPF is like using scripts, rather than bitmaps, to describe fonts
offering any number of features, such as flashing text, moving arrows,
and winking smiley faces. Alas, as with any script, evil remains
possible and can lurk within the obfuscation of complexity and
variability.

-Doug
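
An added example, not part of the original thread: how a receiver expands `%{ir}` in the quoted record into a DNSBL-style query name, and how a leading `ip4:` term avoids the extra lookup. The `ip4:` address, the client IPs and the zone contents are constructed, and only the `ip4`, `exists` and `all` mechanisms and the `%{ir}` macro are handled.

```python
import ipaddress

# The exists: term is the one quoted in the thread; the ip4: address, the
# client IPs and the zone contents are constructed for this example.
RECORD = "v=spf1 ip4:192.0.2.10 exists:%{ir}._whitelist.large-domain.com -all"
ZONE = {"25.113.0.203._whitelist.large-domain.com"}  # names that have an A record
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def expand_ir(ip):
    """SPF macro %{ir}: the client IP's dotted parts in reverse order."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        parts = str(addr).split(".")
    else:  # IPv6 expands to 32 dot-separated hex nibbles
        parts = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(parts))

def check_host(record, ip, zone):
    """Evaluate ip4:, exists: and all terms left to right.

    Returns (result, dns_lookups). `zone` stands in for the resolver.
    """
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        raise ValueError("not an SPF record")
    addr = ipaddress.ip_address(ip)
    lookups = 0
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "ip4":  # answered from the record itself, no DNS query
            matched = addr.version == 4 and addr in ipaddress.ip_network(arg, strict=False)
        elif name == "exists":  # one A query for the expanded name
            lookups += 1
            matched = arg.replace("%{ir}", expand_ir(ip)) in zone
        elif name == "all":
            matched = True
        else:
            raise ValueError("mechanism not handled in this example: " + name)
        if matched:
            return RESULTS[qualifier], lookups
    return "neutral", lookups

if __name__ == "__main__":
    for client in ("192.0.2.10", "203.0.113.25", "198.51.100.7"):
        print(client, check_host(RECORD, client, ZONE))
```
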
dnsop resources:
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html